SUSE-RU-2021:2770-1: moderate: Recommended update for openCryptoki

Wed Aug 18 01:16:46 UTC 2021

   SUSE Recommended Update: Recommended update for openCryptoki
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:2770-1
Rating:             moderate
References:         #1179319 #1182120 #1182190 #1182726 #1185976 
                    #1188879 ECO-2377 SLE-14723 
Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP2
______________________________________________________________________________

   An update that has 6 recommended fixes and contains two
   features can now be installed.

Description:

   This update for openCryptoki fixes the following issues:

   - Fixed a bug where the pkcscca migration fails with usr/sb2 is not a
     valid slot ID (bsc#1182120)
   - Fixed a segmentation fault of the sess_opstate test on the Soft Token
     (bsc#1182190)
   - Fixed a segmentation fault of the p11sak list-key (bsc#1182726)
   - Fixed an issue when soft token does not check if an EC key is valid.
     (bsc#1185976)
   - Fixed an issue when the rendered config file incompatible and
     opencryptoki slot daemon is not able to start up again after migration.
     (bsc#1188879)

   Upgraded from version 3.12.1 to 3.15.1 (jsc#SLE-14723)

   - Conform to PKCS 11 3.0 Baseline Provider profile
   - Introduce new vendor defined interface named "Vendor IBM"
   - Support C_IBM_ReencryptSingle via "Vendor IBM" interface
   - CCA: support key wrapping
   - SOFT: support ECC
   - p11sak tool: add remove-key command
   - EP11: Dilitium support stage 2
   - Common: Rework on process, thread, btree and object locking
   - TPM, ICA, ICSF: support multiple token instances
   - new tool p11sak
   - EP11: Dilithium support
   - EP11: EdDSA support
   - EP11: support RSA-OAEP with non-SHA1 hash and MGF
   - Fix compiling with C++ (bsc#1179319)
   - Added error message handling for p11sak remove-key command. (bsc#1179319)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-2770=1

Package List:

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

      openCryptoki-3.15.1-4.9.1
      openCryptoki-debuginfo-3.15.1-4.9.1
      openCryptoki-debugsource-3.15.1-4.9.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (ppc64le s390x x86_64):

      openCryptoki-devel-3.15.1-4.9.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (ppc64le s390x):

      openCryptoki-64bit-3.15.1-4.9.1
      openCryptoki-64bit-debuginfo-3.15.1-4.9.1

References:

   https://bugzilla.suse.com/1179319
   https://bugzilla.suse.com/1182120
   https://bugzilla.suse.com/1182190
   https://bugzilla.suse.com/1182726
   https://bugzilla.suse.com/1185976
   https://bugzilla.suse.com/1188879